package com.aruba.springsecuritystudy.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

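/**
 * Demo endpoints showing Spring Security method-level authorization annotations.
 *
 * <p>The annotations on the handlers are enforced only when method security is
 * switched on in the application configuration. That configuration is not part of
 * this file, so confirm that both {@code @Secured} and the pre/post annotations are
 * enabled; otherwise these endpoints are protected only by the URL-level rules.
 */
@RestController
public class DemoController {

    /**
     * Returns a fixed body for callers that hold one of the listed authorities.
     *
     * <p>Attributes passed to {@code @Secured} are matched as written, so a role must
     * be spelled with its {@code ROLE_} prefix.
     *
     * @return the literal string {@code "demo"}
     */
    // NOTE(review): "register" has no ROLE_ prefix. Depending on the Spring Security
    // version and configuration it is either matched as a plain authority or not
    // evaluated as a role at all. Confirm which is intended, and rename it to
    // "ROLE_register" if it is meant to be a role.
    @Secured({"ROLE_admin", "register"})
    @RequestMapping("/demo")
    public String demo() {
        return "demo";
    }

    /**
     * Returns a fixed body for callers that have the {@code admin} role.
     *
     * <p>The expression may call methods such as {@code hasRole(...)}; with the default
     * role prefix, {@code hasRole('admin')} checks for the authority {@code ROLE_admin}.
     *
     * @return the literal string {@code "demo"}
     */
    // The check runs before the handler (@PreAuthorize) rather than after it
    // (@PostAuthorize). The expression never reads returnObject, so evaluating it
    // afterwards gains nothing and would let the method body execute for callers who
    // are then rejected.
    @PreAuthorize("hasRole('admin')")
    @RequestMapping("/demo2")
    public String demo2() {
        return "demo";
    }
}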
